storing password lists in mails to myself on IMAP?

Robert J. Hansen rjh at sixdemonbag.org
Thu Feb 15 23:59:23 CET 2007


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> most mail-clients store draft e-mails on the imap server, thunderbird
> does this with user-interaction, others might do the same without you
> knowing. Anything can be stored on the mailserver as a mail-message.

That's true.  That doesn't mean that MUAs should be thought of as  
caching your passphrases on the server.  If there were MUAs in common  
use that did this, don't you think someone would have noticed by now?

If this issue is the most pressing one in your security policy, then  
either check it out for yourself or get a definitive answer from  
someone you trust.  Otherwise, start at the most pressing issues and  
start working your way down to the low-risk items like this.




- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (Darwin)

iQEcBAEBCAAGBQJF1OXDAAoJELcA9IL+r4EJqYoH/ihAlcm7HApA9sXe5IGLEXH1
+YCu3Y6DJWjpS4YAMPesEMmP2Ec2zfmJfLhyNTQlOeDk6ltrpTU2ER6PjR/1nTqj
GI7GEtZWCwxKZ5Eb8IwmvrQ/i64fjP+oxIfMYJwrqeWVAFRxPboxhqEvQaYXl/n7
OCPHM97dsoC/3TmMxLTQFWzqcFEdUQl2Pf6q73OGJhzPnu9e3xd2cM/J6VTsPH74
++lHeOFf5nHSwCrqsEW4Yj0O9Mbs4qfvjEvKSqazmAfeWSl/kTP0rVSZjci1+wf+
HnGGQTuD16/Kcv3VG5B4uO7SUJiEFE7mOQspc5pLVGdRaMEY0l3Gp87fZCAxMg8=
=X6pd
- -----END PGP SIGNATURE-----
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (Darwin)

iQEcBAEBCAAGBQJF1OXLAAoJELcA9IL+r4EJUtQIANdh8HuPEGvtwVnoX+CfwxmN
U9jO+toIgpijVaHGogcpTHaYPHMBE/qhiGoGHk+6WEElVY9nC8YJFbB8Hs89SKin
z6WNg8vyjg+ePd2UR+pn4XpeIOTF/xICakZSwNxcM90nxHbEajhCp1ZWMfsZ+W1J
55RewfWtwmDTUtH5bydg4GSJM4PNI6tUP1tVpdi81ieEHgQt75+QN5boi9qF9dWu
dMp1DACHPt5ImVunkM0u+oPGkPn2uYYhBDo/ztZRFV+bUx92PDFG+RRA+pnZCBQ5
HGz492OPoMVnFiAxefiv8GdBPmGs9ceTIbpcLDdr3EY2+wIi0N4XizjzI3AYE0s=
=SBiR
-----END PGP SIGNATURE-----



More information about the Gnupg-users mailing list